Researchers found that there has been a constant rise in bad bots that has surpassed record-high bad bot traffic detected last year – 25.6% of all web requests.

Insights from the report

Barracuda experts offer insights into the world of good and bad bots.
  • With automated traffic making up 64% of internet traffic, just 25% accounted for good bots, such as social network bots and search engine crawlers.
  • Approximately 39% of all the bot traffic comprised bad bots. These include basic web scrapers, attack scripts, as well as advanced persistent bots.
  • Advanced bots have usually better evading techniques and more damage potential.

Where are bad bots coming from?

  • While North America is responsible for sending out 67% of bad bot traffic, Europe and Asia contribute 22% and 7.5% of the traffic, respectively.
  • North America’s traffic mostly arises from public data centers, however, European bad bots join from hosting services or residential IPs.
  • Most bot traffic spur from the two largest public cloud vendors, including AWS and Microsoft Azure, that too in roughly equal measure.

A majority of bad bots follow the standard workday routine that helps them hide within normal human traffic streams and avoid suspicion.

Indicators of bad bots

  • Abnormal spikes in traffic might occur during odd hours. Sudden slowed-down server performance is also a strong indicator.
  • During a malicious attack, the primary channel sending direct traffic will consist of new users and sessions.
  • Suspicious hits from single IPs or an increase in activity to an unknown IP range.
  • If the hits are coming from other language-speaking regions where you don’t have customers.

Closing thoughts

As per a recent survey, automated bots managed by malicious actors cost organizations up to $250 million a year, at least for the 25% worst impacted businesses. When left unchecked, bad bots can steal data, spam with irrelevant forms, malware ads, and slow down the targeted site’s performance. It’s better to detect and effectively block bot traffic that tried to meddle with your businesses.

Cyware Publisher